Filseclab’s product has a slow installation process and requires a reboot to complete. The interface is pleasantly designed and simply laid out (although the configuration screen is rather cluttered with a wealth of options described in less than helpful language). It seemed splendidly stable and responsive throughout testing. On-demand scanning proved fairly slow and showed no sign of speeding up once familiar with files, while the on-access protection did not appear to fully intercept file accesses, merely logging detections after allowing them to be accessed. As a result, the on-access speed measurements may appear faster than they ought.

Detection rates were generally fairly good, with solid scores in the trojans set and decent levels across the RAP sets despite a steady decline as the samples grew fresher. In the WildList set a number of items were not detected, including fair numbers of the W32/Virut strain – a failing that was also seen in the other polymorphic strains in the detection sets. In the clean sets a small number of false positives were noted, with some components of the popular freeware image manipulation solution The Gimp misidentified rather vaguely as ‘Trojan.Obfuscated’ – clearly a very generic detection algorithm applied slightly too severely in this case. Between them these issues are enough to deny Twister a VB100 award once again, despite continuing signs of improvement.

Filseclab bravely returns for another run in the VB100, having shown gradual improvements over its first few attempts. The install process remains simple and very speedy, although it does require a reboot to complete. The main interface is quite appealing, and a decent degree of configuration is tucked away underneath, albeit in slightly less stylish settings. The product also includes a range of other features beyond standard anti-malware, including a HIPS set-up, which is really its main strength, and also a ‘Fix Windows’ area which tweaks and adjusts a number of settings, putting the system into a safer state either after an infection or simply on spotting some of the notoriously insecure defaults in most Windows versions.

On-demand scanning speeds were fairly modest, and on-access protection is implemented in a rather unconventional manner, with no instant blocking of files but alerts, actions and log entries appearing soon after an infected file is accessed. This makes our standard on-access speed measurement somewhat unreliable, but as some slowdown was observed despite the lack of file access interception we opted to record it out of interest. Detection rates still lag behind somewhat, but seem to be improving, with only a single false alert generated in the much-expanded clean set. In the WildList, a fair number of recent items were not properly handled, with fairly large swathes of both Virut strains missed too, and Filseclab will have to keep working its way towards a VB100 award.

The somewhat oddly named Filseclab’s somewhat oddly named Twister AntiTrojanVirus makes its second appearance in the VB100, having impressed last time around with its slick presentation and stable operation if not with its detection rates. This time once again the install process was fast and smooth, although the UAC system presented some serious warnings about unknown and untrusted publishers. The main interface is clear and lucid, with a user-friendly and attractive design.

Once again the on-demand mode proved fast and stable, while the on-access mode presented something which we would later find to be a recurring issue in this test: the inability to block access to infected files. Twister is designed primarily as a behavioural and HIPS product, intended to monitor executing programs for malicious behaviour, with the standard anti-virus-style file access hooking added later than much of the product. In this case the on-access detection seems only to log attempts to access files, doing nothing to prevent them from being accessed. The logging proved reliable, however, and speeds were decent in both modes, although as the on-access module was not actually preventing access, the speed measurement may not be strictly comparable with other products. Detection rates were also fairly decent, at least in the less recent items in the standard sets, although handling of polymorphic viruses was less than impressive. In the RAP sets detection rates were somewhat below par but at least even and regular. The WildList was not fully covered, with fairly minimal coverage of the Virut variant included there, and in the clean sets a number of false positives turned up, denying Filseclab a VB100 award this time, although the product still looks a promising prospect.

The first of the newcomers in this month’s test, Filseclab’s Twister has picked up a bit of a reputation as a strong up-and-comer on various web forums and discussion boards, and has put in some excellent performances in independent tests run in China. An initial trial version we looked at impressed us with simplicity, stability and better than expected scanning performance, and a later version submitted for the test showed even more promise. With a slick and professional-looking installation process and a clear, attractive and well laid-out interface, the product certainly looks the business and has a very good level of fine-tuning available, as well as a behavioural monitoring system that is given as much importance as the more traditional detection in the layout of the interface.

Running through the tests proved a little less straightforward than hoped thanks to some slightly unusual behaviour: on-access scanning, while triggered on read, seemed not to block access instantly, instead waiting a little before alerting on and taking action against detected items. This meant that our standard opener tool, which logs items it cannot access, recorded having successfully opened everything. Thus, detection data could only be gathered from the product’s own logs and the on-access scanning speeds, recorded in the same manner, may not quite reflect the full picture.
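The measurement gap described above can be shown with a two-pass harness. This is an added example, not the test lab's own opener tool: the function names, status labels and settle delay are assumptions, and the scanner's delayed action is simulated with harmless constructed files.

```python
import hashlib
import os
import tempfile
import time

def digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def open_pass(paths):
    """What a plain opener tool records: 'opened' or 'blocked' per file."""
    status, baseline = {}, {}
    for p in paths:
        try:
            baseline[p] = digest(p)
            status[p] = "opened"
        except OSError:  # access denied by an intercepting scanner
            status[p] = "blocked"
    return status, baseline

def recheck(status, baseline, settle_seconds=0.0):
    """Second pass after a delay: catch action taken once the read was allowed."""
    time.sleep(settle_seconds)
    final = {}
    for p, s in status.items():
        if s == "blocked":
            final[p] = "blocked"
        elif not os.path.exists(p):
            final[p] = "removed-after-access"
        else:
            try:
                same = digest(p) == baseline[p]
                final[p] = "untouched" if same else "modified-after-access"
            except OSError:
                final[p] = "locked-after-access"
    return final

def demo():
    """Constructed run: the delayed 'scanner' is simulated between the two passes."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("clean.bin", "sample_a.bin", "sample_b.bin")]
    for p in paths:
        with open(p, "wb") as fh:
            fh.write(os.path.basename(p).encode())  # harmless constructed content
    first, base = open_pass(paths)
    os.remove(paths[1])  # simulated delayed quarantine
    with open(paths[2], "wb") as fh:  # simulated delayed cleaning
        fh.write(b"rewritten")
    final = recheck(first, base)
    return [first[p] for p in paths], [final[p] for p in paths]
```

Calling `demo()` returns the first-pass view, in which every file opened, alongside the second-pass view that exposes the delayed removal and modification a single-pass opener log misses.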

Detection rates were not unreasonable, particularly for a product that is entirely new to our testing system and test sets. Fairly good scores were achieved in some of the standard sets, including a surprisingly excellent handling of W32/Virut samples in the polymorphic set, with a little less coverage of older polymorphic items, and a fairly decent showing in the trojan and RAP sets. Several items in the WildList set were not covered, most of which were from the latest batch of additions, and a sprinkling of false alarms was raised in the clean sets (no big surprise on the product’s first look at their diverse content), so Twister does not qualify for a VB100 award on its first attempt, but it looks like being a strong contender in the very near future.

Filseclab has become a pretty regular competitor in our comparatives in the last couple of years, continuing to enter gamely despite not yet having achieved VB100 certification. The product arrived as a 52MB download direct from the public website, with the updater from the same source at 14MB. The set-up runs through in a few steps, and although an error message pops up at the end, all seems to have completed properly.

The interface is busy and bustling with controls, options and modules. The on-access protection seems a little unusual, kicking in shortly after file reads – thus alerting on malicious activity, but not necessarily blocking the reading or writing of malicious files. As such, the measures taken in our performance tests – which show minimal memory usage and file access lag times – may not be entirely comparable with other products under test this month. On-demand scans were a little on the slow side.

Detection rates were pretty decent – a little lower than desirable in the polymorphic set but with some very solid scores in the RAP sets. The WildList set was covered fairly well, with a few samples missed and imperfect coverage of the latest Virut strain. With a handful of false positives in the clean sets Filseclab still has a little way to go before earning that precious first VB100 award.

Twister has become a fairly familiar face in our comparatives, edging ever closer to that precious first VB100 award. The installer, 52MB with 26MB of updates, runs through quickly and easily with no surprises, ending with a call for a reboot. The interface is slick and serious-looking, with lots of controls, buttons, options and dialogs, but remains fairly simple to navigate after a little initial exploration.

Scanning speeds and on-access overheads were a bit of a mixed bag, with some fast times and some slower ones, depending on file types. Meanwhile, performance measures showed some very high memory consumption but not too much pressure on the CPU.

On-access scanning does not offer the option simply to block access to infected files, and logging seems only to function once files have been ‘cleaned’ – so we had to let the product romp through our sets, destroying as it went, which took quite some time. On-demand scans were much easier and more cooperative, and in the end some pretty decent scores were noted across the sets, with a solid showing in the RAP sets, declining slowly through the reactive weeks but with a steepish drop into week +1.

A couple of false alarms were produced in the clean sets, with the popular VLC video client being labelled as a TDSS trojan. The WildList set highlighted some problems with the complex Virut polymorphic samples, with a fair number missed, alongside a handful of the static worms and bots in the set. For now, that first VB100 award remains just out of reach for Filseclab.